From: Jacob Moody <moody@posixcafe.org>
To: 9front@9front.org
Subject: Re: [9front] WANTED: ip based filtering of incoming connections
Date: Fri, 26 Jul 2024 19:34:26 -0500 [thread overview]
Message-ID: <061c546d-9321-43dc-b4f8-97b9432443c2@posixcafe.org> (raw)
In-Reply-To: <65669461B2780267EEAFB7B99374421F@gaff.inri.net>
On 7/26/24 19:20, sl@stanleylieber.com wrote:
>>> For anyone following along at home, this has now been fixed in commit 605bed312a0a24db6cce2f7170353351cbddbd2d.
>>
>> i can now successfully block an individual ip:
>>
>> 168.235.81.125&255.255.255.255
>>
>> or a /24:
>>
>> 168.235.81.0&255.255.255.0
>>
>> but not a /14:
>>
>> 47.128.0.0&255.252.0.0
>
> use of the | separator seems to break filtering for the entire line:
>
> aux/dial -e 'ipmux!ver=4;src=85.208.96.0&255.255.255.0|85.208.98.0&255.255.255.0' >/dev/null &
>
This is a bit tricky the interface does not quite work how you want it to.
From the man page:
Expr is of the form:
value
value|value|...
value&mask
value|value&mask
You are only allowed a single mask, not a mask per value.
So we take the input, AND it just once and then check if it matches any of the given values.
This is a bit strange, but it does seem to be intentional.
next prev parent reply other threads:[~2024-07-27 0:36 UTC|newest]
Thread overview: 27+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-07-25 21:56 Stanley Lieber
2024-07-25 22:08 ` B. Atticus Grobe
2024-07-26 0:34 ` Stanley Lieber
2024-07-26 0:47 ` Jacob Moody
2024-07-26 1:55 ` sl
2024-07-26 1:58 ` Jacob Moody
2024-07-26 2:00 ` sl
2024-07-26 3:36 ` sl
2024-07-26 3:43 ` Jacob Moody
2024-07-26 3:47 ` sl
2024-07-26 3:57 ` Jacob Moody
2024-07-26 3:57 ` sl
2024-07-26 4:17 ` Jacob Moody
2024-07-26 3:54 ` Romano
2024-07-26 4:02 ` sl
2024-07-26 4:13 ` Romano
2024-07-26 4:20 ` Romano
2024-07-26 4:44 ` Stanley Lieber
2024-07-26 5:14 ` Romano
2024-07-26 23:15 ` Jacob Moody
2024-07-26 23:47 ` sl
2024-07-27 0:20 ` sl
2024-07-27 0:34 ` Jacob Moody [this message]
2024-07-27 0:49 ` sl
2024-07-27 1:18 ` sl
2024-07-25 22:10 ` Jacob Moody
2024-07-25 22:33 ` Steve Simon
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=061c546d-9321-43dc-b4f8-97b9432443c2@posixcafe.org \
--to=moody@posixcafe.org \
--cc=9front@9front.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).